
RE: Is it an error?

2001-03-09 04:10:02


Yeah, it may not actually be an error. Thanks.
I also think ipsec shouldn't use tunnel-mode because L2tp has been a tunnel
itself.




It's not clear to me that it's actually an error, since RFC 2888 says 'A new
RADIUS attribute IPSEC_MANDATE (91) _may_ be defined for each user.' (my
emphasis) but does not actually define the attribute (at least in the
traditional, RFC 2865 fashion).  RADIUS attribute 91 is registered w/IANA as
Tunnel-Server-Auth-ID (see
http://www.isi.edu/in-notes/iana/assignments/radius-types).  BTW, RFC 2888
describes using IPSEC _tunnel_ mode with L2TP, which is in direct
contradiction to the direction of the L2TP WG (as described in
draft-ietf-l2tpext-security-02.txt).



-
This message was passed through ietf+censored(_at_)alvestrand(_dot_)no, which
is a sublist of ietf(_at_)ietf(_dot_)org(_dot_) Not all messages are passed.
Decisions on what to pass are made solely by Harald Alvestrand.




